[
https://issues.apache.org/jira/browse/SOLR-16613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Risden updated SOLR-16613:
--------------------------------
Description:
I'm looking into the TestRSAKeyPair and TestPKIAuthenticationPlugin test
failures on openj9 that are related to
https://lists.apache.org/thread/b3053cvc2jqw768jrrw8npxkow4k70r6
OpenJ9 Java does not pad the bytes input when encrypting RSA to the length of
the key. This causes bad padding exceptions. One example being:
{code:java}
FAILED: org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair
Error Message:
org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA
private key operation failed
Stack Trace:
org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA
private key operation failed
at
__randomizedtesting.SeedInfo.seed([2D2BFB9A63F6912:3C3644A048604FF0]:0)
at
app//org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:308)
at
app//org.apache.solr.cloud.TestRSAKeyPair.testRoundTrip(TestRSAKeyPair.java:47)
at
app//org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair(TestRSAKeyPair.java:32)
{code}
The code previously took the given input byte array and just tried to encrypt
it. For OpenJDK, this works since the input byte array is expanded out to the
size of the key in bytes. So 512 bits would be a 64 byte array or 2048 bits
would be a 256 byte array. In OpenJ9, the input byte array must be the same
size as the key size in bytes. I think this is a limitation of using NoPadding
for the algorithm here. The fix is to ensure the byte array is always the size
of the key size in bytes.
was:
I'm looking into the TestRSAKeyPair and TestPKIAuthenticationPlugin test
failures on openj9 that are related to
https://lists.apache.org/thread/b3053cvc2jqw768jrrw8npxkow4k70r6
OpenJ9 Java does not pad the bytes input when encrypting RSA to the length of
the key. This causes bad padding exceptions. One example being:
{code:java}
FAILED: org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair
Error Message:
org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA
private key operation failed
Stack Trace:
org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA
private key operation failed
at
__randomizedtesting.SeedInfo.seed([2D2BFB9A63F6912:3C3644A048604FF0]:0)
at
app//org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:308)
at
app//org.apache.solr.cloud.TestRSAKeyPair.testRoundTrip(TestRSAKeyPair.java:47)
at
app//org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair(TestRSAKeyPair.java:32)
{code}
> CryptoKeys should handle RSA padding for OpenJ9
> -----------------------------------------------
>
> Key: SOLR-16613
> URL: https://issues.apache.org/jira/browse/SOLR-16613
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Kevin Risden
> Assignee: Kevin Risden
> Priority: Major
>
> I'm looking into the TestRSAKeyPair and TestPKIAuthenticationPlugin test
> failures on openj9 that are related to
> https://lists.apache.org/thread/b3053cvc2jqw768jrrw8npxkow4k70r6
> OpenJ9 Java does not pad the bytes input when encrypting RSA to the length of
> the key. This causes bad padding exceptions. One example being:
> {code:java}
> FAILED: org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair
> Error Message:
> org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA
> private key operation failed
> Stack Trace:
> org.apache.solr.common.SolrException: javax.crypto.BadPaddingException: RSA
> private key operation failed
> at
> __randomizedtesting.SeedInfo.seed([2D2BFB9A63F6912:3C3644A048604FF0]:0)
> at
> app//org.apache.solr.util.CryptoKeys$RSAKeyPair.encrypt(CryptoKeys.java:308)
> at
> app//org.apache.solr.cloud.TestRSAKeyPair.testRoundTrip(TestRSAKeyPair.java:47)
> at
> app//org.apache.solr.cloud.TestRSAKeyPair.testGenKeyPair(TestRSAKeyPair.java:32)
> {code}
> The code previously took the given input byte array and just tried to encrypt
> it. For OpenJDK, this works since the input byte array is expanded out to the
> size of the key in bytes. So 512 bits would be a 64 byte array or 2048 bits
> would be a 256 byte array. In OpenJ9, the input byte array must be the same
> size as the key size in bytes. I think this is a limitation of using
> NoPadding for the algorithm here. The fix is to ensure the byte array is
> always the size of the key size in bytes.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
